Software tag identification / Software version checks – This allows a hacked to target absolute software versions that have been updated to due to security hazards.

Denial of Service / Load testing / Rating Attacks – Can the website or indeed the server be crashed maliciously?

Memory and Stack Overflow attacks – Can the website / web services be bombarded with an overflow data in an attempt to exploit a memory loophole that allows a user to gain access to the server software in someday.

Website Software attacks

Cross scripting

Code injection

Form attacks (HTTP PUT/POST/TRACE)

Spam attacks / captcha checks

SQL injection

Old or backup files that can be used to exploit passwords and version information

Directory information.

Common server software CMS packages check.

If an SSL is present

SSL version checks

SSL encryotion checks

Are passwords and cookies encrypted during the user interaction with the website

DNS poisoning attacks – Can the DNS of the website be spoofed and the user redirected to a malicious version of the site?

Indirect attack – Can I get a virus through to a user on the domain email?

Many different tests will be performed through both automated and manual means:

At present we have tools to search for approximately 600 Common Vulnerabilities Exposures on common web servers types (Apache, IIS, Tomcat, JBoss)

We have a database that contains 723 techniques for remote exploits

Based on the technology we find on the website, we have up to 369 additional modules that allow for varying payloads to be delivered to the server

We have tools to identify and test 6400 scripts that are potentially dangerous from old and outdated versions of software such as WordPress/Joomla/Typo3.

Our database contains 1200 items which we check for in regards to old/outdated server software (separate from the script software)

In additional we have a manual process, to check the website for additional holes that aren’t easily spotted by automated software solutions mainly due to coding style and techniques.

Our penetration testing will be clearly visible within the customers website logs when reviewed also that gives the customer re-assurance that the tests we say we are going to do are actually done.